    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  x11-misc/xnview       < 1.70                          Vulnerable!
    -------------------------------------------------------------------
     # Package 1 only applies to x86 users.
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.

Description
===========

XnView is vulnerable to a stack-based buffer overflow while processing
an XPM file with an overly long section string (greater than 1024
bytes).
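
An added triage example, not part of the Gentoo advisory or of XnView: a
Python scanner that flags XPM files containing a quoted string longer than
the 1024 bytes named above. It assumes the advisory's "section string" is a
C string literal in the XPM source; the function names and both sample
buffers are constructed for illustration.

```python
import sys
from pathlib import Path

LIMIT = 1024  # string length named in the advisory text

def xpm_string_lengths(data: bytes) -> list[int]:
    """Return the raw byte length of every C string literal in an XPM buffer."""
    lengths, i, n = [], 0, len(data)
    while i < n:
        if data.startswith(b"/*", i):            # skip C comments entirely
            end = data.find(b"*/", i + 2)
            i = n if end < 0 else end + 2
        elif data[i:i + 1] == b'"':              # opening quote of a literal
            j = i + 1
            while j < n and data[j:j + 1] != b'"':
                j += 2 if data[j:j + 1] == b"\\" else 1   # step over escapes
            # An unterminated literal runs to end of file and is still counted.
            lengths.append(min(j, n) - i - 1)
            i = j + 1
        else:
            i += 1
    return lengths

def is_suspicious_xpm(data: bytes, limit: int = LIMIT) -> bool:
    """True if any string literal exceeds the limit (assumed trigger condition)."""
    return any(length > limit for length in xpm_string_lengths(data))

# Constructed sample: a well-formed 2x2 XPM image.
BENIGN = b'''/* XPM */
static char *dot[] = {
/* width height ncolors chars_per_pixel */
"2 2 2 1",
". c #000000",
"# c #ffffff",
".#",
"#."
};
'''
# Constructed sample: same file with one pixel row padded past the limit.
OVERSIZED = BENIGN.replace(b'".#"', b'"' + b"." * 2000 + b'"')

if __name__ == "__main__":
    # Usage: python scan_xpm.py DIR [DIR ...]  (walks each directory for *.xpm)
    for root in sys.argv[1:]:
        for path in Path(root).rglob("*.xpm"):
            longest = max(xpm_string_lengths(path.read_bytes()), default=0)
            if longest > LIMIT:
                print(f"{path}: string of {longest} bytes exceeds {LIMIT}")
```
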

Impact
======

An attacker could entice a user to view a specially crafted XPM file
with XnView that could trigger the vulnerability and possibly execute
arbitrary code with the rights of the user running XnView.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

No update appears to be forthcoming from the XnView developer and
XnView is proprietary, so the XnView package has been masked in
Portage. We recommend that users select an alternate graphics viewer
and conversion utility, and unmerge XnView:

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200707-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.